Vulnerability-Lookup

CVE-2015-7257 (GCVE-0-2015-7257)

Vulnerability from cvelistv5 – Published: 2017-08-24 20:00 – Updated: 2024-08-06 07:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

GHSA-748X-222R-QC52

Vulnerability from github – Published: 2022-05-17 01:22 – Updated: 2025-04-20 03:43

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-24T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from \"support\" to \"admin\".",
  "id": "GHSA-748x-222r-qc52",
  "modified": "2025-04-20T03:43:49Z",
  "published": "2022-05-17T01:22:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7257"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/38772"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2015/Nov/48"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201708-0144

Vulnerability from variot - Updated: 2025-04-20 23:27

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". ZTE ADSL ZXV10 W300 Modems are vulnerable to password management functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTEADSLZXV10W300 is an ADSL modem (Modem) product from China ZTE Corporation (ZTE). A security vulnerability exists in the ZTEADSLZXV10W300W300V2.1.0f_ER7_PE_O57 version and the W300V2.1.0h_ER7_PE_O57 version. There are security vulnerabilities in ZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57. ZTE ADSL modems - Multiple vulnerabilities

Confirmed on 2 (of multiple) software versions - W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57

1 Insufficient authorization controls

CVE-ID: CVE-2015-7257

Observed in Password Change functionality. Other functions may be vulnerable as well. 'support' is a diagnostic user with restricted privileges.

Steps to reproduce:

a. Login as user 'support' password XXX

b. Access Password Change page - http:///password.htm

c. Submit request

d. Enter the new password > old password is not requested > Submit

> Login as admin

-> Pwn!

2 Sensitive information disclosure - clear-text passwords

Displaying user information over Telnet connection, shows all valid users and their passwords in clear-text.

CVE-ID: CVE-2015-7258

Steps to reproduce:

$ telnet

Trying ...

Connected to .

Escape character is '^]'.

User Access Verification

Username: admin

Password: < admin/XXX1

$sh

ADSL#login show <-- shows user information

Username Password Priority

admin password1 2

support password2 0

admin password3 1

3 (Potential) Backdoor account feature - insecure account management

Same login account can exist on the device, multiple times, each with different priority#. It is possible to log in to device with either of the username/password combination.

CVE-ID: CVE-2015-7259

It is considered as a (redundant) login support feature.

Steps to reproduce:

$ telnet

Trying ...

Connected to .

Escape character is '^]'

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "zxv10 w300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "zte",
        "version": "w300v2.1.0f_er7_pe_o57"
      },
      {
        "model": "zxv10 w300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "zte",
        "version": "w300v2.1.0h_er7_pe_o57"
      },
      {
        "model": "adsl zxv10 w300 w300v2.1.0f er7 pe o57",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "adsl zxv10 w300 w300v2.1.0h er7 pe o57",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:zte:zxv10_w300_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134336"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2015-7257",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2015-7257",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2017-28177",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "VHN-85218",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2015-7257",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7257",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7257",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-28177",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1099",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85218",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from \"support\" to \"admin\". ZTE ADSL ZXV10 W300 Modems are vulnerable to password management functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTEADSLZXV10W300 is an ADSL modem (Modem) product from China ZTE Corporation (ZTE). A security vulnerability exists in the ZTEADSLZXV10W300W300V2.1.0f_ER7_PE_O57 version and the W300V2.1.0h_ER7_PE_O57 version. There are security vulnerabilities in ZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57. *ZTE ADSL modems - Multiple vulnerabilities*\n\nConfirmed on 2 (of multiple) software versions - *W300V2.1.0f_ER7_PE_O57\nand W300V2.1.0h_ER7_PE_O57*\n\n1 *Insufficient authorization controls*\n\n*CVE-ID*: CVE-2015-7257\n\nObserved in Password Change functionality. Other functions may be\nvulnerable as well. \u0027support\u0027 is a diagnostic user with restricted\nprivileges. \n\n\n*Steps to reproduce:*\n\na. Login as user \u0027support\u0027 password XXX\n\nb. Access Password Change page - http://\u003cIP\u003e/password.htm\n\nc. Submit request\n\nd. Enter the new password \u00ad\u003e old password is not requested \u00ad\u003e Submit\n\n\u00ad\u003e Login as admin\n\n-\u003e Pwn!\n\n\n\n2 *Sensitive information disclosure - clear-text passwords*\n\nDisplaying user information over Telnet connection, shows all valid users\nand their passwords in clear\u00ad-text. \n\n*CVE-ID*: CVE-2015-7258\n\n*Steps to reproduce:*\n\n$ telnet \u003cIP\u003e\n\nTrying \u003cIP\u003e... \n\nConnected to \u003cIP\u003e. \n\nEscape character is \u0027^]\u0027. \n\nUser Access Verification\n\nUsername: admin\n\nPassword: \u003c\u00ad\u00ad\u00ad admin/XXX1\n\n$sh\n\nADSL#login show                 \u003c--\u00ad\u00ad\u00ad shows user information\n\nUsername Password Priority\n\nadmin        password1 2\n\nsupport      password2 0\n\nadmin         password3 1\n\n\n\n3 *(Potential) Backdoor account feature - **insecure account management*\n\nSame login account can exist on the device, multiple times, each with\ndifferent priority#. It is possible to log in to device with either of the\nusername/password combination. \n\n*CVE-ID*: CVE-2015-7259\n\nIt is considered as a (redundant) login support *feature*. \n\n\n*Steps to reproduce:*\n\n$ telnet \u003cIP\u003e\n\nTrying \u003cIP\u003e... \n\nConnected to \u003cIP\u003e. \n\nEscape character is \u0027^]\u0027",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7257"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "db": "PACKETSTORM",
        "id": "134336"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-85218",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7257",
        "trust": 3.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38772",
        "trust": 2.3
      },
      {
        "db": "PACKETSTORM",
        "id": "134336",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "134493",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-85218",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "db": "PACKETSTORM",
        "id": "134336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "id": "VAR-201708-0144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:27:21.742000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ZXV10 W300",
        "trust": 0.8,
        "url": "http://wwwen.zte.com.cn/pub/en/products/access/cpe/201111/t20111110_262340.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-640",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2015/nov/48"
      },
      {
        "trust": 2.3,
        "url": "https://www.exploit-db.com/exploits/38772/"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/134336/zte-adsl-authorization-bypass-information-disclosure.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/134493/zte-adsl-zxv10-w300-authorization-disclosure-backdoor.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7257"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7257"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/password.htm"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7259"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7258"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "db": "PACKETSTORM",
        "id": "134336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "db": "PACKETSTORM",
        "id": "134336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "date": "2015-11-14T13:33:33",
        "db": "PACKETSTORM",
        "id": "134336"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      },
      {
        "date": "2017-08-24T20:29:00.393000",
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-28177"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85218"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2015-7257"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZTE ADSL ZXV10 W300 Modem password management vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007769"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1099"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-28177

Vulnerability from cnvd - Published: 2017-09-26

Title

ZTE ADSL ZXV10 W300密码拦截漏洞

Description

ZTE ADSL ZXV10 W300是中国中兴通讯（ZTE）公司的一款ADSL调制解调器（Modem）产品。 ZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57版本和W300V2.1.0h_ER7_PE_O57版本中存在安全漏洞。远程攻击者可通过拦截传出的密码更改请求并将‘support’用户名参数改为‘admin’，利用该漏洞更改管理员密码。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://www.zte.com.cn

Reference

https://nvd.nist.gov/vuln/detail/CVE-2015-7257 https://www.exploit-db.com/exploits/38772/

Impacted products

Name
['ZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57', 'ZTE ADSL ZXV10 W300 W300V2.1.0h_ER7_PE_O57']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7257"
    }
  },
  "description": "ZTE ADSL ZXV10 W300\u662f\u4e2d\u56fd\u4e2d\u5174\u901a\u8baf\uff08ZTE\uff09\u516c\u53f8\u7684\u4e00\u6b3eADSL\u8c03\u5236\u89e3\u8c03\u5668\uff08Modem\uff09\u4ea7\u54c1\u3002\r\n\r\nZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57\u7248\u672c\u548cW300V2.1.0h_ER7_PE_O57\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u62e6\u622a\u4f20\u51fa\u7684\u5bc6\u7801\u66f4\u6539\u8bf7\u6c42\u5e76\u5c06\u2018support\u2019\u7528\u6237\u540d\u53c2\u6570\u6539\u4e3a\u2018admin\u2019\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7ba1\u7406\u5458\u5bc6\u7801\u3002",
  "discovererName": "Karn Ganeshen",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.zte.com.cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-28177",
  "openTime": "2017-09-26",
  "products": {
    "product": [
      "ZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57",
      "ZTE ADSL ZXV10 W300 W300V2.1.0h_ER7_PE_O57"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2015-7257\r\nhttps://www.exploit-db.com/exploits/38772/",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-25",
  "title": "ZTE ADSL ZXV10 W300\u5bc6\u7801\u62e6\u622a\u6f0f\u6d1e"
}

GSD-2015-7257

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7257

Aliases

CVE-2015-7257

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7257",
    "description": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from \"support\" to \"admin\".",
    "id": "GSD-2015-7257",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-7257"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7257"
      ],
      "details": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from \"support\" to \"admin\".",
      "id": "GSD-2015-7257",
      "modified": "2023-12-13T01:20:02.109071Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-7257",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from \"support\" to \"admin\"."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "38772",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/38772/"
          },
          {
            "name": "20151114 ZTE ADSL modems - Multiple vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2015/Nov/48"
          },
          {
            "name": "http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:zxv10_w300_firmware:w300v2.1.0f_er7_pe_o57:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:zxv10_w300_firmware:w300v2.1.0h_er7_pe_o57:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-7257"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from \"support\" to \"admin\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-640"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38772",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/38772/"
            },
            {
              "name": "20151114 ZTE ADSL modems - Multiple vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Nov/48"
            },
            {
              "name": "http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html",
              "refsource": "MISC",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-08-29T16:17Z",
      "publishedDate": "2017-08-24T20:29Z"
    }
  }
}

FKIE_CVE-2015-7257

Vulnerability from fkie_nvd - Published: 2017-08-24 20:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html	Third Party Advisory, VDB Entry
cret@cert.org	http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html	Third Party Advisory, VDB Entry
cret@cert.org	http://seclists.org/fulldisclosure/2015/Nov/48	Mailing List, Third Party Advisory
cret@cert.org	https://www.exploit-db.com/exploits/38772/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Nov/48	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/38772/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
zte	zxv10_w300_firmware	w300v2.1.0f_er7_pe_o57
zte	zxv10_w300	-
zte	zxv10_w300_firmware	w300v2.1.0h_er7_pe_o57
zte	zxv10_w300	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:zxv10_w300_firmware:w300v2.1.0f_er7_pe_o57:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B399157-5107-4AB9-AB62-3FCB6858BB0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E878B7D8-06D3-4B94-A3C4-9065B0240790",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:zxv10_w300_firmware:w300v2.1.0h_er7_pe_o57:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA81EABD-FA3A-4F33-AF32-E1C04303E735",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E878B7D8-06D3-4B94-A3C4-9065B0240790",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from \"support\" to \"admin\"."
    },
    {
      "lang": "es",
      "value": "Los modems ZTE ADSL ZXV10 W300, W300V2.1.0f_ER7_PE_O57 y W300V2.1.0h_ER7_PE_O57 permiten que usuarios sin privilegio de administrador, autenticados y remotos cambien la contrase\u00f1a de administrador interceptando una petici\u00f3n saliente de cambio de contrase\u00f1a y cambiando el par\u00e1metro username de \"support\" a \"admin\"."
    }
  ],
  "id": "CVE-2015-7257",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-24T20:29:00.393",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Nov/48"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38772/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Nov/48"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38772/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7257 (GCVE-0-2015-7257)

GHSA-748X-222R-QC52

VAR-201708-0144

CNVD-2017-28177

GSD-2015-7257

FKIE_CVE-2015-7257

Tags

Sightings

Nomenclature